68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
Size

1.3MB
MD5

ab21e6570b23dc9c28e031f72fdacf78
SHA1

99de406df5d2d902cbb8a66c692a86cb79154b19
SHA256

68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8
SHA512

f8a709367962c1ab02c3cfd4115df3d025ad1ae8f05ccd780654a14b74577e423ea62b6babeb35a0a1af4fd80135b57e7de1753e70aa9451632cbfc9b71a1809
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakH:7rKo4ZwCOnYjVmJPao

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe

description	pid	process	target process
PID 1180 set thread context of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe

pid	process
5060	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
5060	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
5060	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
5060	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
5060	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe

description	pid	process	target process
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
PID 1180 wrote to memory of 5060	1180	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe	68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe

C:\Users\Admin\AppData\Local\Temp\68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
"C:\Users\Admin\AppData\Local\Temp\68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\Temp\68f0adc891bff8715349fcadffe6c58bc53d87a1924e2f05c1de9770bd892eb8.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5060-132-0x0000000000000000-mapping.dmp

Download
memory/5060-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5060-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5060-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5060-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5060-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5060-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download